How to get specific process with specific owner

Votes:

0

I'm trying to monitor the functioning of an older app. There might be many instances of this app, but the only one I care about runs in a specific user context - all of the others will be running in the localsystem context, and do not reliably indicate whether the app is healthy. If there are no instances of the app running in this specific user context, we must be alerted so that we can correct the problem.

I've been able to run a manual WMIC query (wmic /node:computer1 /user:"[email protected]" process where name="foo.exe" call getowner) to list the process with that name and their respective owners, but am not seeing how to narrow down the output to determine if the particular foo.exe is being run by user baz.

We've got PRTG 14.4.12.3510+ running on Win 2008 R2. I've upgraded PowerShell on it to v4, if that's any help.

Any help in configuring this would be much appreciated.

Kurt

batch-file process wmi-process-sensor

Created on Jan 7, 2015 9:15:25 PM



8 Replies

Votes:

0

Dear kurtbuff

This can only be done if you write a complete script, not with a single WMI query. Please have a look at the getowner() method of the Get-WmiObject win32_process query.

Created on Jan 9, 2015 2:17:20 PM by  Arne Seifert [Paessler Support]

Last change on Apr 25, 2017 11:59:49 AM by  Arne Seifert [Paessler Support]



Votes:

0

Thanks. I will investigate writing this up in PowerShell, and will post back a sample once I get it working.

Kurt

Created on Jan 9, 2015 5:08:09 PM



Votes:

0

Gave up on powershell. Instead, I'm using a very simple batch file, and still can't get it to work.

I've put together a batchfile, and it works just fine when run manually (that is, it does return 0 when at least one instance of the executable is in memory running in the context of the stated user), but fails with the following message:

"\Windows\system32>wmic /node:computer process where name="example.exe" call getowner | findstr username
ERROR:
Description = Access is denied.
1 was unexpected at this time.
C:\Windows\system32>if 1 1 goto SendMessage"

The batchfile looks like this (send-message.cmd uses blat to send an email to several people):

----------
wmic /node:computer process where name="example.exe" call getowner | findstr username
if %errorlevel% 1 goto SendMessage
if %errorlevel% 0 goto ExitClean

:SendMessage
"c:\program files (x86)\prtg network monitor\custom sensors\exe\send-message.cmd"
echo 2:example.exe Not Running
Exit 2

:ExitClean
echo 0:ok
Exit 0
----------

Created on Jan 12, 2015 10:22:50 PM



Votes:

0

Please check if you set the proper security context for the script. This can be done in the sensor configuration tab.

Created on Jan 13, 2015 12:45:49 PM by  Arne Seifert [Paessler Support]



Votes:

0

I have tried both settings: "Use security context of probe service" (the service runs under localsystem) and "Use Windows credentials of parent device" (which inherits all the way from the device group of which the monitored server is a member, and that account has local admin rights on the monitored machines.)

Neither works.

Kurt

Created on Jan 13, 2015 4:55:16 PM



Votes:

0

Dear Kurt

Please try PowerShell for these kinds of queries. When you set the correct execution policy, the script should run.

Created on Jan 14, 2015 3:01:31 PM by  Arne Seifert [Paessler Support]



Votes:

0

Did you ever get a powershell script to accomplish this? I'm looking for the same result and my powershell abilities are not getting me to the right solution.

Created on Apr 24, 2017 9:24:43 PM



Votes:

0

Here is an (extremely simple) example, using local WMI, which just lists the owner name of each process:

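# Query every process visible to local WMI
$processes = Get-WmiObject win32_process
foreach ($process in $processes)
   {
   # GetOwner() returns an object with User and Domain properties
   $owner = $process.GetOwner()
   Write-Host $process.Name "is owned by" $owner.User
   }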

Created on Apr 25, 2017 12:19:40 PM by  Arne Seifert [Paessler Support]
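
The check asked about in this thread, written as a PRTG custom EXE/Script sensor in PowerShell. This is an added example, not code from any of the posts or from Paessler. It uses the same `value:message` output and exit codes as the batch file above, plus exit code 1 for a warning; computer1, foo.exe and baz are the placeholder names from the question, and the parameter and function names are hypothetical.

```powershell
# Added example (not from the thread): PRTG EXE/Script sensor.
# computer1 / foo.exe / baz are the placeholder names used in the question;
# the parameter and function names are hypothetical.
param(
    [string]$ComputerName = 'computer1',
    [string]$ProcessName  = 'foo.exe',
    [string]$OwnerUser    = 'baz'
)

# Reject anything that could break out of the WQL string literal below.
if ($ProcessName -notmatch '^[\w.\- ]+$') {
    Write-Output "0:invalid process name"
    exit 2
}

function Get-OwnerMatch {
    param([object[]]$Processes, [string]$User)
    $matched = 0; $unreadable = 0
    foreach ($p in $Processes) {
        # GetOwner() fails if the process has exited or the caller lacks rights;
        # ReturnValue 0 is success, 2 is "access denied".
        try { $owner = $p.GetOwner() } catch { $unreadable++; continue }
        if ($owner.ReturnValue -ne 0) { $unreadable++; continue }
        if ($owner.User -eq $User) { $matched++ }   # -eq ignores case
    }
    [pscustomobject]@{ Matched = $matched; Unreadable = $unreadable }
}

try {
    # No credentials in the script: the query runs in the security context
    # chosen in the sensor settings.
    $procs = @(Get-WmiObject -Class Win32_Process -ComputerName $ComputerName `
                 -Filter "Name='$ProcessName'" -ErrorAction Stop)
} catch {
    Write-Output "0:WMI query failed: $($_.Exception.Message)"
    exit 2
}

$r = Get-OwnerMatch -Processes $procs -User $OwnerUser
if ($r.Matched -gt 0) {
    Write-Output "$($r.Matched):$ProcessName running as $OwnerUser"
    exit 0
}
if ($r.Unreadable -gt 0) {
    # Owner could not be read, so "not running" would be a guess.
    Write-Output "0:owner unreadable for $($r.Unreadable) instance(s) of $ProcessName"
    exit 1
}
Write-Output "0:$ProcessName not running as $OwnerUser"
exit 2
```

Reporting unreadable owners as a warning keeps an "Access is denied" condition, like the one quoted earlier in the thread, from being mistaken for a stopped application.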



